diff options
author | Joe Watkins <krakjoe@php.net> | 2018-11-13 12:57:38 +0100 |
---|---|---|
committer | Joe Watkins <krakjoe@php.net> | 2018-11-13 12:58:23 +0100 |
commit | ce4eb8997651e04fa9284ac3a7e1a2fb2da7df9e (patch) | |
tree | 0435da9d178834804354ddaba20d361243baa2bb | |
parent | 77646d2fd939e9d6af1a8a47f8550b3f680d1456 (diff) | |
parent | ec2e7a2d480cfe51e5a234354a50bb4c85fae155 (diff) | |
download | php-git-ce4eb8997651e04fa9284ac3a7e1a2fb2da7df9e.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Validate length on socket_write
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sockets/sockets.c | 15 | ||||
-rw-r--r-- | ext/sockets/tests/socket_send_params.phpt | 17 | ||||
-rw-r--r-- | ext/sockets/tests/socket_sendto_params.phpt | 17 | ||||
-rw-r--r-- | ext/sockets/tests/socket_write_params.phpt | 3 |
5 files changed, 55 insertions, 0 deletions
@@ -20,6 +20,9 @@ PHP NEWS . Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb) . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb) +- Sockets: + . Fixed bug #67619 (Validate length on socket_write). (thiagooak) + 08 Nov 2018, PHP 7.2.12 - Core: diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index efa66f471a..fae7e53382 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -1175,6 +1175,11 @@ PHP_FUNCTION(socket_write) return; } + if (length < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } @@ -1717,6 +1722,11 @@ PHP_FUNCTION(socket_send) return; } + if (len < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } @@ -1879,6 +1889,11 @@ PHP_FUNCTION(socket_sendto) return; } + if (len < 0) { + php_error_docref(NULL, E_WARNING, "Length cannot be negative"); + RETURN_FALSE; + } + if ((php_sock = (php_socket *)zend_fetch_resource(Z_RES_P(arg1), le_socket_name, le_socket)) == NULL) { RETURN_FALSE; } diff --git a/ext/sockets/tests/socket_send_params.phpt b/ext/sockets/tests/socket_send_params.phpt new file mode 100644 index 0000000000..44be133bf9 --- /dev/null +++ b/ext/sockets/tests/socket_send_params.phpt @@ -0,0 +1,17 @@ +--TEST-- +ext/sockets - socket_send - test with incorrect parameters +--SKIPIF-- +<?php + if (!extension_loaded('sockets')) { + die('skip sockets extension not available.'); + } +?> +--FILE-- +<?php + $rand = rand(1,999); + $s_c = socket_create_listen(31330+$rand); + $s_w = socket_send($s_c, "foo", -1, MSG_OOB); + socket_close($s_c); +?> +--EXPECTF-- +Warning: socket_send(): Length cannot be negative in %s on line %i diff --git a/ext/sockets/tests/socket_sendto_params.phpt b/ext/sockets/tests/socket_sendto_params.phpt new file mode 100644 index 0000000000..f232258ec0 --- /dev/null +++ b/ext/sockets/tests/socket_sendto_params.phpt @@ -0,0 +1,17 @@ +--TEST-- +ext/sockets - socket_sendto - test with incorrect parameters +--SKIPIF-- +<?php + if (!extension_loaded('sockets')) { + die('skip sockets extension not available.'); + } +?> +--FILE-- +<?php + $rand = rand(1,999); + $s_c = socket_create_listen(31330+$rand); + $s_w = socket_sendto($s_c, "foo", -1, MSG_OOB, '127.0.0.1'); + socket_close($s_c); +?> +--EXPECTF-- +Warning: socket_sendto(): Length cannot be negative in %s on line %i diff --git a/ext/sockets/tests/socket_write_params.phpt b/ext/sockets/tests/socket_write_params.phpt index 5d0f113ca0..0ebd69192a 100644 --- a/ext/sockets/tests/socket_write_params.phpt +++ b/ext/sockets/tests/socket_write_params.phpt @@ -17,6 +17,7 @@ fa@php.net $s_c = socket_create_listen(31330+$rand); $s_w = socket_write($s_c); $s_w = socket_write($s_c, "foo"); + $s_w = socket_write($s_c, "foo", -1); socket_close($s_c); ?> --EXPECTF-- @@ -25,3 +26,5 @@ Warning: socket_write() expects at least 2 parameters, 0 given in %s on line %i Warning: socket_write() expects at least 2 parameters, 1 given in %s on line %i Warning: socket_write(): unable to write to socket [%i]: %a in %s on line %i + +Warning: socket_write(): Length cannot be negative in %s on line %i |